Geo Blocking on a per domain basis

This was something I needed for one of my customers and all credit for the below goes to Michael Shinn of Prometheus Global - home of Atomic Secured Linux.


First you will need to either pay for, or download a free database of geomaps. Check out www.maxmind.com for free database files. (They also sell database files)

Then set this in your global modsecurity configuration:

SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat

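Here's a simple rule to block anything from China:

# ModSecurity 2.7 and later require a unique id on each rule; 1000001 is a placeholder.
SecRule REMOTE_ADDR "@geoLookup" "id:1000001,chain,drop,msg:'Blocking China Host'"
SecRule GEO:COUNTRY_CODE "@streq CN" "t:none"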

And drop that into the vhost.conf file for that domain.

And these are the fields you can use in place of COUNTRY_CODE:

COUNTRY_CODE: Two character country code. EX: US, UK, etc.

COUNTRY_CODE3: Up to three character country code.

COUNTRY_NAME: The full country name.

COUNTRY_CONTINENT: The two character code of the continent in which the country is located. EX: EU

REGION: The two character region. For US, this is state. For Canada, province, etc.

CITY: The city name.

POSTAL_CODE: The postal code.

LATITUDE: The latitude.

LONGITUDE: The longitude.

DMA_CODE: The metropolitan area code. (US only)

AREA_CODE: The phone system area code. (US only)
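
A per-domain allowlist built from the same pieces, as an added example that is not from the original post or from Atomic Secured Linux. The hostname, rule ids and country list are placeholders, and SecGeoLookupDb is assumed to be set in the global configuration as above.

```apache
# Added example: vhost.conf for one domain. Hostname, rule ids and the
# country list are placeholders chosen for illustration.
<VirtualHost *:80>
    ServerName shop.example.com

    <IfModule security2_module>
        # Allowlist: refuse any client whose looked-up country is NOT in the
        # list. Codes are ISO 3166-1 alpha-2 (the United Kingdom is GB).
        # If @geoLookup finds no record (private or unlisted address), the
        # first rule does not match, the chain stops, and the request passes.
        SecRule REMOTE_ADDR "@geoLookup" \
            "id:1000010,phase:1,t:none,chain,deny,status:403,log,\
            msg:'Country not on allowlist for this vhost',\
            logdata:'%{GEO.COUNTRY_CODE} %{REMOTE_ADDR}'"
            SecRule GEO:COUNTRY_CODE "!@within US CA GB" "t:none"

        # Finer match on a second GEO field: log, without blocking, requests
        # from one US state by chaining COUNTRY_CODE and REGION.
        SecRule REMOTE_ADDR "@geoLookup" \
            "id:1000011,phase:1,t:none,chain,pass,log,\
            msg:'Request from watched region'"
            SecRule GEO:COUNTRY_CODE "@streq US" "chain"
                SecRule GEO:REGION "@streq CA" "t:none"
    </IfModule>
</VirtualHost>
```

Because a failed lookup lets the request through, this allowlist fails open for addresses missing from the database; keep the database file current and review the audit log for the first rule's message after deploying it.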